1. (Amended) A method for authenticating a user over a
network, comprising the steps of:

providing an identification box at the local site of the 
user, and providing a central server at a remote site, with the 
identification box including a biometric reader, and with the 
identification box and the central server being connected over 
the network;

confirming the identity of the user to the central server, 
using the identification box; 

sending a unique math table from the central server to the 
identification box, with the unique math table being stored at 
both the central server and the identification box; 

measuring a first biometric parameter from the user with the 
biometric reader, and storing the first biometric parameter in 
encrypted form at the identification box and at the central 
server; 

sending a user request for authentication from the 
identification box to the central server; 

sending a random number from the central server to the
identification box;

measuring a second biometric parameter from the user with
the biometric reader;

encrypting the second biometric parameter;

comparing, at the identification box, the second encrypted
biometric parameter with the previously-stored first encrypted
biometric parameter;

operating on the random number, at the identification box,
with the unique math table to create a first cryptogram when a
positive match occurs between the first and second encrypted
biometric parameters;

operating on the random number, at the central server, with
the unique math table to create a second cryptogram;

sending the first cryptogram from the identification box to
the central server;

comparing, at the central server, the first cryptogram with
the second cryptogram; and

confirming the authenticity of the user when a positive 
match occurs between the first cryptogram and the second 
cryptogram. 

2. (Cancelled) A method for authenticating a user over
a network as in claim 1 further comprising the step of encrypting 
said first biometric parameter to form a first encrypted 
biometric parameter. 

3. (Cancelled) A method for authenticating a user over 
a network as in claim 1 further comprising the step of generating 
a first cryptogram from said random number if said first 
encrypted biometric parameter positively matches said second 
encrypted biometric parameter. 

4. (Cancelled) A method for authenticating a user over 
a network as in claim 1 further comprising the step of sending 
said first generated cryptogram to said remote site for 
comparison with a second cryptogram. 

5. (Cancelled) A method for authenticating a user over 
a network as in claim 4 wherein said second cryptogram is
generated from a site other than from said local site.

6. (Amended) A method for authenticating a user over a 
network as in claim 1 further comprising the step of allowing the 
user access to a second remote site if the first cryptogram
matches the second cryptogram.

7. (Amended) A method for authenticating a user over a
network comprising the steps of: 

providing an identification box at the local site of the 
user, and providing a central server at a remote site, with the 
identification box including a biometric reader, and with the 
identification box and the central server being connected over 
the network; 

confirming the identity of the user to the central server, 
using the identification box; 

sending a unique math table from the central server to the 
identification box, with the unique math table being stored at 
both the central server and the identification box; 

measuring a first biometric parameter from the user with the 
biometric reader, and storing the first biometric parameter in 
encrypted form at the identification box and at the central 
server; 

sending a user request for authentication from the 
identification box to the central server; 

sending a first random number from the central server to the
identification box;

measuring a second biometric parameter from the user with
the biometric reader;

encrypting the second biometric parameter;

comparing, at the identification box, the second encrypted
biometric parameter with the previously-stored first encrypted
biometric parameter;

generating, at the identification box, a second random
number when the first encrypted biometric parameter does not
positively match the second encrypted biometric parameter;

operating on the second random number, at the
identification box, with the unique math table to create a
first cryptogram when a positive match fails to occur between
said first and second encrypted biometric parameters,

operating on the first random number, at the central server,
with the unique math table to create a second cryptogram;

sending the first cryptogram from the identification box to
the central server;

comparing, at the central server, the first cryptogram with
the second cryptogram; and

denying the authenticity of the user when no match occurs
between the first cryptogram and the second cryptogram.

8. (Amended) A method for authenticating a user over a 
network as in claim 7 further comprising the step of
denying the user access to a second remote site if the first
cryptogram does not match the second cryptogram.

9. (Cancelled) A method for authenticating a user over 
a network as in claim 7 further comprising the step of generating 
a first cryptogram from said second random when said first 
encrypted biometric parameter does not match said second 
biometric parameter. 

10. (New) A method according to claim 1 further 
comprising: 

providing a second identification box at a second remote 
site, with the second identification box including a second 
biometric reader, and with the second identification box and the
central server being connected over the network; 

sending a user request for authentication from the second 
identification box to the central server; 

sending the unique math table and the first encrypted 
biometric parameter from the central server to the second 
identification box; 

sending a second random number from the central server to 
the second identification box; 

measuring a third biometric parameter from the user with the 
second biometric reader; 

encrypting the third biometric parameter; 

comparing, at the second identification box, the third 
encrypted biometric parameter with the first encrypted biometric 
parameter; 

operating on the second random number, at the second 
identification box, with the unique math table to create a third 
cryptogram when a positive match occurs between the first and
third encrypted biometric parameters; 

operating on the second random number, at the central 
server, with the unique math table to create a fourth cryptogram; 

sending the third cryptogram from the second identification
box to the central server; 

comparing, at the central server, the third cryptogram with 
the fourth cryptogram; and 

confirming the authenticity of the user when a positive 
match occurs between the third cryptogram and the fourth 
cryptogram. 

11. (New) A system for authenticating a user over a 
network, comprising: 

an identification box at the local site of the user, with 
the identification box including a biometric reader, and the 
identification box being connected to a central server over the 
network; 

the identification box comprising apparatus adapted to: 

(i) receive a unique math table from the central server and 
to store the same; 

(ii) measure a first biometric parameter from the user and 
store the first biometric parameter in encrypted form; 

(iii) send a user request for authentication to the central 
server; 

(iv) receive a random number from the central server; 

(v) measure a second biometric parameter from the user;

(vi) encrypt the second biometric parameter;

(vii) compare the second encrypted biometric parameter with
the previously-stored first encrypted biometric parameter;

(viii) operate on the random number with the unique math
table to create a first cryptogram when a positive match occurs
between the first and second encrypted biometric parameters; and

(ix) send the first cryptogram to the central server. 
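
The exchange recited in claims 1 and 7, with both sides' messages, as an added Python example that is not part of the application. Assumptions: the claims do not define the operation performed with the unique math table or the form of biometric encryption, so both are modelled here with HMAC-SHA256; the class and function names, the constructed templates and the single-use handling of the random number are hypothetical.

```python
import hashlib
import hmac
import secrets

def encrypt_biometric(template: bytes, box_key: bytes) -> bytes:
    # Assumption: "encrypted form" is modelled as a keyed digest, and
    # identical readings are assumed to yield identical templates.
    return hmac.new(box_key, template, hashlib.sha256).digest()

def cryptogram(math_table: bytes, number: bytes) -> bytes:
    # Assumption: "operating on the random number with the unique math
    # table" is modelled as HMAC-SHA256 keyed by the shared table.
    return hmac.new(math_table, number, hashlib.sha256).digest()

class IdentificationBox:
    def __init__(self, math_table: bytes, box_key: bytes, enrolled: bytes):
        self.table, self.key = math_table, box_key
        self.first = encrypt_biometric(enrolled, box_key)  # stored at enrolment

    def respond(self, challenge: bytes, live_template: bytes) -> bytes:
        second = encrypt_biometric(live_template, self.key)
        if hmac.compare_digest(second, self.first):
            return cryptogram(self.table, challenge)       # claim 1 path
        # Claim 7 path: on mismatch the box substitutes its own second
        # random number, so the cryptogram cannot match the server's.
        return cryptogram(self.table, secrets.token_bytes(len(challenge)))

class CentralServer:
    def __init__(self, math_table: bytes):
        self.table, self.pending = math_table, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, first_cryptogram: bytes) -> bool:
        if self.pending is None:
            return False
        second_cryptogram = cryptogram(self.table, self.pending)
        self.pending = None  # assumption: each random number is single-use
        return hmac.compare_digest(first_cryptogram, second_cryptogram)

def run_session(live_template: bytes, enrolled: bytes = b"constructed-template-A"):
    """Returns (accepted, replay_accepted) for one authentication request."""
    table = secrets.token_bytes(256)  # unique math table held by both sides
    box = IdentificationBox(table, secrets.token_bytes(32), enrolled)
    server = CentralServer(table)
    reply = box.respond(server.challenge(), live_template)
    return server.verify(reply), server.verify(reply)
```
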